001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing,
013 * software distributed under the License is distributed on an
014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 * KIND, either express or implied.  See the License for the
016 * specific language governing permissions and limitations
017 * under the License.
018 */
019package org.apache.shiro.mgt;
020
021import org.apache.shiro.authz.AuthorizationException;
022import org.apache.shiro.cache.CacheManagerAware;
023import org.apache.shiro.session.Session;
024import org.apache.shiro.session.SessionException;
025import org.apache.shiro.session.mgt.DefaultSessionManager;
026import org.apache.shiro.session.mgt.SessionContext;
027import org.apache.shiro.session.mgt.SessionKey;
028import org.apache.shiro.session.mgt.SessionManager;
029import org.apache.shiro.util.LifecycleUtils;
030
031
032/**
033 * Shiro support of a {@link SecurityManager} class hierarchy that delegates all
034 * {@link org.apache.shiro.session.Session session} operations to a wrapped
035 * {@link org.apache.shiro.session.mgt.SessionManager SessionManager} instance.  That is, this class implements the
036 * methods in the {@link SessionManager SessionManager} interface, but in reality, those methods are merely
037 * passthrough calls to the underlying 'real' {@code SessionManager} instance.
038 * <p/>
039 * The remaining {@code SecurityManager} methods not implemented by this class or its parents are left to be
040 * implemented by subclasses.
041 * <p/>
042 * In keeping with the other classes in this hierarchy and Shiro's desire to minimize configuration whenever
043 * possible, suitable default instances for all dependencies will be created upon instantiation.
044 *
045 * @since 0.9
046 */
047public abstract class SessionsSecurityManager extends AuthorizingSecurityManager {
048
049    /**
050     * The internal delegate <code>SessionManager</code> used by this security manager that manages all the
051     * application's {@link Session Session}s.
052     */
053    private SessionManager sessionManager;
054
055    /**
056     * Default no-arg constructor, internally creates a suitable default {@link SessionManager SessionManager} delegate
057     * instance.
058     */
059    public SessionsSecurityManager() {
060        super();
061        this.sessionManager = new DefaultSessionManager();
062        applyCacheManagerToSessionManager();
063    }
064
065    /**
066     * Sets the underlying delegate {@link SessionManager} instance that will be used to support this implementation's
067     * <tt>SessionManager</tt> method calls.
068     * <p/>
069     * This <tt>SecurityManager</tt> implementation does not provide logic to support the inherited
070     * <tt>SessionManager</tt> interface, but instead delegates these calls to an internal
071     * <tt>SessionManager</tt> instance.
072     * <p/>
073     * If a <tt>SessionManager</tt> instance is not set, a default one will be automatically created and
074     * initialized appropriately for the the existing runtime environment.
075     *
076     * @param sessionManager delegate instance to use to support this manager's <tt>SessionManager</tt> method calls.
077     */
078    public void setSessionManager(SessionManager sessionManager) {
079        this.sessionManager = sessionManager;
080        afterSessionManagerSet();
081    }
082
083    protected void afterSessionManagerSet() {
084        applyCacheManagerToSessionManager();
085    }
086
087    /**
088     * Returns this security manager's internal delegate {@link SessionManager SessionManager}.
089     *
090     * @return this security manager's internal delegate {@link SessionManager SessionManager}.
091     * @see #setSessionManager(org.apache.shiro.session.mgt.SessionManager) setSessionManager
092     */
093    public SessionManager getSessionManager() {
094        return this.sessionManager;
095    }
096
097    /**
098     * Calls {@link org.apache.shiro.mgt.AuthorizingSecurityManager#afterCacheManagerSet() super.afterCacheManagerSet()} and then immediately calls
099     * {@link #applyCacheManagerToSessionManager() applyCacheManagerToSessionManager()} to ensure the
100     * <code>CacheManager</code> is applied to the SessionManager as necessary.
101     */
102    protected void afterCacheManagerSet() {
103        super.afterCacheManagerSet();
104        applyCacheManagerToSessionManager();
105    }
106
107    /**
108     * Ensures the internal delegate <code>SessionManager</code> is injected with the newly set
109     * {@link #setCacheManager CacheManager} so it may use it for its internal caching needs.
110     * <p/>
111     * Note:  This implementation only injects the CacheManager into the SessionManager if the SessionManager
112     * instance implements the {@link CacheManagerAware CacheManagerAware} interface.
113     */
114    protected void applyCacheManagerToSessionManager() {
115        if (this.sessionManager instanceof CacheManagerAware) {
116            ((CacheManagerAware) this.sessionManager).setCacheManager(getCacheManager());
117        }
118    }
119
120    public Session start(SessionContext context) throws AuthorizationException {
121        return this.sessionManager.start(context);
122    }
123
124    public Session getSession(SessionKey key) throws SessionException {
125        return this.sessionManager.getSession(key);
126    }
127
128    public void destroy() {
129        LifecycleUtils.destroy(getSessionManager());
130        this.sessionManager = null;
131        super.destroy();
132    }
133}